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and the passage from the local to the global 
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The ancient unsolved problem of congruent numbers has been reduced 
to one of the major questions of contemporary arithmetic : the finiteness 
of the number of curves over Q which become isomorphic at every place to 
a given curve. We give an elementary introduction to congruent numbers 
and their conjectural characterisation, discuss local-to- global issues leading 
to the finiteness problem, and list a few results and conjectures in the 
arithmetic theory of elliptic curves. 

The area a of a right triangle with sides a, 6, c (so that a 2 + b 2 = c 2 ) 
is given by 2a = ab. If a, 5, c are rational, then so is a. Conversely, 
which rational numbers a arise as the area of a rational right triangle 
a,b,c7 This problem of characterising "congruent numbers" - - areas of 
rational right triangles — is perhaps the oldest unsolved problem in all of 
Mathematics. It dates back to more than a thousand years and has been 
variously attributed to the Arabs, the Chinese, and the Indians. 

Three excellent accounts of the problem are available on the Web : 
Right triangles and elliptic curves by Karl Rubin, Le probleme des nombres 
congruents by Pierre Colmez, which also appears in the October 2006 issue 
of the Gazette des mathematiciens, and Franz Lemmermeyer's translation 
Congruent numbers, elliptic curves, and modular forms of an article in 
French by Guy Henniart. A more elementary introduction is provided by 
the notes of a lecture in Hong Kong by John Coates, which have appeared 
in the August 2005 issue of the Quaterly journal of pure and applied 
mathematics. A detailed account is to be found in the Introduction to 
elliptic curves and modular forms (Springer, 1984) by Neal Koblitz. None 
of these sources goes beyond the theorems of Coates & Andrew Wiles [2] 
(see Theorem 14) and of Jerrold Tunnell [18] (see Theorem 25). 

In 1991, Rubin [12] (see Theorem 15) reduced the congruent number 
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problem to a natural finiteness question in the arithmetic of elliptic curves 
(with "complex multiplications"). An excellent survey of such finiteness 
questions can be found in Barry Mazur's article [11]. 

These notes consist of three parts of quite different nature. The first part 
is an elementary presentation of the problem of congruent numbers (§1) 
and its conjectural solution (§2) ; the material here is borrowed from the 
accounts which have been cited. The second part introduces local number 
fields (§3) and discusses the local-to-global principle — its validity in the 
case of conies (§4) and its failure in the case of cubics (§5) — in a language 
which can be understood by bright undergraduates. The last part, which 
requires greater mathematical maturity, is a catalogue of results — some 
old, some new — and conjectures in the arithmetic theory of elliptic curves 
in general (§6) and those without complex multiplications in particular 
(§7) ; it ends with a word about the role played by modular forms (§8). 

I thank Pere Clark for a very careful reading of the manuscript, and for his 
suggestions for improvement. 

1. Congruent numbers 

If a rational number a is the area of a right triangle with rational 
sides, then so is a(3 2 for every rational (3 G Q x . Indeed, if a is the area 
of a rational right triangle with sides a, 6, c, then a(3 2 is the area of the 
rational right triangle with sides a\(3\, b\{3\, c\{3\. So, up to replacing a by 
a/3 2 for a suitable /?, we may assume that a is an integer, and moreover 
that a is not divisible by the square of any prime number. In other words, 
we assume that a is a positive squarefree integer. 

Definition 1. — A positive squarefree integer a is said to be a congruent 
number if there exist a, 6, c G Q such that a 2 + b 2 = c 2 and ab = 2a. 

The terminology is classical and comes from the fact that a is congruent 
if and only if it is the common difference (congruum, in Latin) of a three- 
term arithmetic progression of rational squares. For if a is the area of a 
rational right triangle with sides a < b < c, then, putting d = (c/2) 2 , 
the arithmetic progression d — a, d, d + a consists of rational squares. 
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Conversely, if there is a rational number d such that d — a, d, d + a are all 
three squares, then a is the area of the rational right triangle with sides 
\J d + a — y/d — a, \J d + a + y/d — a and 2y/d. 

The problem is to determine which numbers are congruent. Let us 
first study the single equation a 2 + b 2 = c 2 in rational numbers > 0. 
Two solutions (a,b,c), (a',b',c') of this equation are called equivalent if 
a = A. a', b = \.b', c = X.c' for some A G Q x . A rational solution is called 
primitive if a, 6, c G Z, and if they have no common prime divisor. Every 
rational solution is equivalent to a primitive one, and no two primitive 
solutions are equivalent. 

Reducing a primitive solution modulo 4, we see that precisely one of 
a, b is even. 

Proposition 2. - - Let (a, 6, c) be a primitive solution of a 2 + b 2 = c 2 , 
with a = 2t even. Then there exist integers m > n > 0, gcd(m, n) = 1, 
m^n (mod. 2), such that 

(1) a = 2mn, b = m 2 — n 2 , c = m 2 + n 2 . 

Proof : As b is odd, so is c. Hence c + b and c — b are even ; write c + b = 2u 
and c — b = 2v. If a prime number divides both u and v, it would divide 
their sum u + v = c and their difference u — v = b. But gcd(6, c) = 1, so we 
have gcd(w, v) = 1. The relation a 2 + b 2 = c 2 implies that t 2 = uv, which 
shows that each of u, v must be a square. Putting u = m 2 , v = n 2 proves 
(1). Finally, if m = n (mod. 2), then 2 would divide a, 6, c and the solution 
would not be primitive. 

Let C be a projective conic with a rational point O, for example the one defined by 
a 2 + b 2 = c 2 , with O = (1 : : 1). Denoting by D the projective line of lines through 
O, the morphism / which sends a point P 6 C to the line /(P) € D passing through O 
and P — the tangent to C at O if P = O — is an isomorphism. 

This result allows us to generate a list which will eventually contain 
any given congruent number : it suffices to go through the list of all 
such pairs (m,n), compute the area mn(m 2 — n 2 ) of the triangle (1), and 
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take the "squarefree part". Thus the pair (2,1) shows that the number 
6 = 2.1.(2 2 — l 2 ) is congruent. 

Retaining only the squarefree parts of the numbers produced by this 
procedure, the first few congruent numbers which show up are 

(2) 5, 6, 7, 13, 14, 15, 21, 22, 23, 29, 30, 31, 34, 37, 38, 39, 41, . . . 

Note that we have not proved that the numbers 1,2,3 are not congru- 
ent ; it may simply be that they haven't yet shown up on the list ! Indeed, 
Leonardo of Pisa (called Fibonacci) (1175-1240) was challanged to find a 
rational right triangle of area 5 (he succeeded) and he conjectured that 1 is 
not congruent; this was settled much later by Pierre Fermat (1601-1665). 

How can we determine if a specific number such as 157 is congruent? 
The naive approach, suggested by the discussion just after Definition 1, 
would be to go through a "list" of squares d of rational numbers and 
to see if both d — 157 and d + 157 are squares. There is indeed such 
a "list" : first we go through the squares of the finitely many rational 
numbers whose numerator and denominator have at most one digit, then 
through the squares of those — again finitely many — whose numerator 
and denominator have at most two digits, and so on. It turns out that the 
first square which works, according to Don Zagier, is 

/ 224403517704336969924557513090674863160948472041 \ 2 
V2 x 8912332268928859588025535178967163570016480830; 

Clearly, this number could not have been found by the naive approach; 
some theory is needed. Also, as before, this approach cannot prove that 
the given number, for example 1, is not congruent. 

Theorem 3 (P. Fermat, ~ 1640). — The number 1 is not congruent. 

Proof : We have to show that there is no rational right triangle whose area 
is a square. If there is such a triangle, we may assume, as before, that 
its sides are integers not divisible by the square of any prime number. 
Fermat's idea of infinite descent consists in showing that if there were 
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such a "primitive" triangle whose area is a square, then there would be a 
smaller primitive triangle whose area is also a square. Clearly, this cannot 
go on for ever. 

Let (a, 6, c) be a primitive triangle whose area is a square. Assume that 
a is even and write a = Iran, b = m 2 — n 2 , c = m 2 +n 2 , with gcd(m, n) = 1 
(Proposition 2). As the area 

mn(m + n)(m — n) 

is a square, and as no two of the four factors have a common prime divisor, 
all four must be squares : 

m = x 2 , n = y 2 , m + n = u 2 , m — n = v 2 . 

We have gcd(u,v) = 1, and both u, v are odd because their product b is 
odd. We also have u 2 = v 2 + 2y 2 , which we rewrite as 

(3) 2y 2 = (u + v)(u-v). 

As -U, v are odd and gcd(w, v) = 1, we have gcdfw + f, u — v) =2. So one of 
the two factors on the right in (3) must be of the form 2r 2 and the other 
of the form 4s 2 . In any case, the sum of their squares is 16s 4 + 4r 4 . At the 
same time, (u + v ) 2 + (u — v) 2 = 2(u 2 + v 2 ) = Am = Ax 2 . Comparing these 
two results, we get 4s 4 + r 4 = x 2 , which means that (2s 2 , r 2 , x) is also an 
integral right triangle whose area (rs) 2 is a square. This triangle is smaller 
than our original triangle (a, 6, c) because x 4 = m 2 < m 2 + n 2 = c; it may 
not be primitive, but the corresponding primitive triangle is even smaller. 

The passage from the triple (a, b, c) to the triple (2s 2 , r 2 , x) can be construed as 
division by ±2 on the elliptic curve Ci : y 2 = x a — x ; cf. the discussion before Exercise 7, 
and the beginning of § 6. The idea of the size of a triple leads the notion of height of a 
rational point on an elliptic curves. 

Corollary 4. — The equation x 4 — y 4 = z 2 has no solutions in integers 
with xyz 7^ 0. 

Proof: If there were a solution, the integral triangle (2x 2 y 2 , x 4 — y 4 , x 4 +y 4 ) 
would have square area (xyz) 2 . 
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Corollary 5. — The equation x 4 + y 4 = z 4 has no solutions in integers 
with xyz 7^ 0. 

Proof : If there were a solution, we would have z 4 — y 4 = (x 2 ) 2 . 

The system of equations (a 2 + b 2 = c 2 ; ab = 2a) whose solvability in 
rational numbers characterises a as a congruent numbers can be changed 
into a single, more familiar, equation. 

Proposition 6. — The integer a is congruent if and only if the equation 
(4) C a : ay 2 = x s - x 

has a solution ijeQ with y ^ 0. 

Proof: If (x, y) is such a solution, then the area of the rational right triangle 
(2|x|, \x 2 — 1|, \x 2 + 1|) is a, up to a rational square (y 2 ). Conversely, let 
(a, 6, c) be a rational right triangle and write 

a = A.2mn, b = A.(m 2 — n 2 ), c = A.(m 2 + n 2 ) (m, n E Z) 

for some A G Q x (Proposition 2). If the area of this triangle is a, we have 
a = \ 2 .mn(m 2 — n 2 ), which means that (4) has the solution x = m/n and 
y = 1/Xn. 

From a given rational point P = (x, y) (j/ 7^ 0) on C a (4) we can 
generate infinitely many others : the tangent to C Q at the point P meets C Q 
at another rational point Pi = (xi, y\), and this process can be continued; 
it can be shown not to terminate (cf. the discussion of torsion points on 
C Q , before Theorem 18) . 

(x 2 + l) 2 x 6 - 5x 4 - 5x 2 + 1\ 
4x(x 2 - 1)' 8aV )' 

This has an amusing consequence which is not at all obvious at the 
outset : 

Corollary 8. — If (a squarefree positive integer) a is congruent, then it 
is the area of infinitely many rational right triangles. 



Exercise 7. — (xi,yi) = 
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Corollary 9. — A squarefree positive integer a is congruent if and only 
if the equation ay 2 = x 3 — x has infinitely many solutions x,y G Q. 

Here are the first few rational squares d such that both d — 6 and d + 6 
are squares : 

/ 5 \ 2 / 1201 \ 2 / 7776485 \ 2 ( 2094350404801 \ 2 
\2xlJ ' \2 x 70 J ' \2 x 1319901 J ' \2 x 241717895860 J 

The morphism y t— > \fay shows that the curves Ci and C a become isomorphic over 
Q(\/a) ; this is expressed by saying that G a is a "quadratic twist" of Ci. The problem 
of congruent numbers thus consists in characterising the quadratic twists of the fixed 
elliptic curve Ci which have infinitely many rational points. 

2. The conjectural solution 

After these elementary observations, let us give the conjectural answer 
to the problem of characterising congruent numbers. 

Recursively define the polynomial g r (T) = # r _i(T)(l - T 8r )(l - T 16r ), 
starting with gi (T) = T(l - T 8 )(l - T 16 ). Notice that g r (T) - g r -i(T) is 
of degree > 8r, which means that the polynomials g r and g r -i have the 
same terms till degree 8r. This implies that as r — > +oo, the g r tend to a 
formal series g £ Z[[T]]. 

Notation 10. — For j = 1, 2 and integer n > 0, define Cj(n) as being the 
coefficient of T n in the formal series g(T)6j(T), where 

^(T) =T JJ(l-T 8n )(l-T 16n ) and 0j(T) = 1 + 2 ^ t 2 - 7 " 2 . 

n=l n=l 

Notice that the numbers Cj(n) are quite easy to compute. Here are the 
first few, for n odd and squarefree. 



n 


1 


3 


5 


7 


11 


13 


15 


17 


19 


21 


23 


ci(n) 


1 


2 








-2 








-4 


-2 








C2(n) 


1 





2 








-2 











-4 






Table 11 
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Exercise 12. — Let n be an odd squarefree integer. If n = 5,7 (mod. 8), 
then ci(n) =0. If n = 3 (mod. 4), then C2(n) = 0. 

For the remainder of this section, let a be a squarefree integer > 0, and 
write a = jn, with j = 1, 2 and n odd. 

Conjecture 13. - - The number a = jn is congruent if and only if 
Cj {n) = 0. 

As we shall see, this conjecture is implied by Conjecture 24 (Birch and 
Swinnerton-Dyer), combined with Theorem 25 (Tunnell). 

The reader should marvel at how unexpected the (conjectural) char- 
acterisation is, how far-removed from rational right triangles and their 
areas ! 

The physicist Richard Feynman claims in his Surely you are joking that he could 
guess whether a mathematical statement explained to him in elementary terms was true 
or false. It would have been interesting to have given him Definition 1 and Notation 10, 
and to have asked him if Conjecture 13 is true. 

We do know one of the implications in Conjecture 13 : 

Theorem 14 (J. Coates & A. Wiles [2]). — If cj(n) ^ 0, then a = jn is 
not congruent. 

It follows for example that the numbers 1,2,3,10,17,19,26 and 42 
(Table 11) are not congruent (cf. Theorem 3). 

If the squarefree odd integer n is = 3 (mod. 4) (resp. =5,7 (mod. 8)), 
then 2n (resp. n) should be congruent (Exercise 12, Conjecture 13), and 
the first few such n are indeed so (cf. (3)). In a paper which became 
influencial when it was properly understood, an obscure schoolteacher by 
the name of K. Heegner proved that this is true if n is prime [6] . 

However, in general, the result is only conditional. It is conditional on 
the finiteness of a certain set S a , which will be discussed in detail in later 
parts of this report (cf. Conjecture 16). Suffice it to say here that the 
finiteness of the set S Q is equivalent to the finiteness of the group HI(E a ) 
which is more familiar to arithmeticians. We have chosen to formulate 
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things in terms of S a , which can be defined in elementary terms. 

Theorem 15 (K. Rubin [12]). — // Cj(n) = and if the set S a is finite, 
then the number a = jn is congruent. 

Note that if Cj(n) = and if S a is finite, then Theorem 15 shows that a 
is congruent without exhibiting a rational right triangle of area a. However, 
in some cases ("rank 1"), the set S a is known to be finite and there is 
a method ("Heegner points") for constructing such a triangle. Zagier's 
example showing that 157 is congruent, displayed before Theorem 3, is of 
this type. 

3. Local number fields 

The group Q x (modulo its torsion subgroup {1, —1}) admits the set of 
prime numbers as a Z-basis. For every prime number p, there is thus a 
unique homomorphism v p : Q x — > Z such that v p (p) = 1 and v p (l) = 
for every prime number I ^ p; extending it to Q by v p (0) = +oo, we get 
a discrete valuation, because it satisfies 

v P (x + y)> M(v p (x),v p (y)) for all x, y G Q. 

Define | \ p : Q — > R by \x\ p = p~ v p( x ^ (convention : p~°° = 0). Then 
\x — y\ p is a distance on Q with respect to which it can be completed to 
obtain a field Q p much in the same way as we obtain the field R from Q by 
completing it with respect to the usual distance \x— y\oo = sup(x— y, y—x). 
For this reason, the field of real numbers is sometimes denoted Qoo . 

It can be shown that the v p (p prime) are the only discrete valuations, and | |oo 
the only archimedean absolute value, on the field Q (A. Ostrowski, 1918). Thus the 
absolute values | \ p (p prime or p = oo) determine all the places of Q. 

The fields Q p (including p = oo) play a fundamental role in arithmetic. 
It is always a good idea to first study "global questions" - - questions 
about rational numbers — everywhere "locally" in the fields Q p , before 
trying to answer the original question. We discuss a basic example in the 
next section. 
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For p prime, the field Q p comes equipped with a continuous discrete 
valuation extending v p ; elements of positive valuation form a subring Z p 
("the ring of integers") in which pZ p is the unique maximal ideal. The 
quotient Z p /pZ p is the finite field F p ("the residue field") of p elements. 

All books on Number Theory (Artin, Hasse, Weil, Serre, Kato-Kurokawa-Saito, . . .) 
provide an introduction to the fields Q p and their extensions. 

4. The local-to-global principle for conies 

To avoid speaking of curves, we use the equivalent language of a, function 
field F over a field k : a finitely generated extension of k in which k is 
algebraically closed; we'll be mostly concerned with the case when F has 
transcendence degree 1 over k. Concretely, if / G k[x,y] is an absolutely 
irreducible polynomial — one which remains irreducible over every finite 
extension of k — , then the field of fractions F of the (integral) ring 
k[x, y]/fk[x, y] is a function field over k ; we write F = k(x,y), with the 
relation / = 0. For every extension L of k, we then get a function field 
over L by "extending the scalars" of F from k to L : the field of fractions 
of L[x,y]/fL[x,y]. 

Let us fix an algebraic closure Q of Q. Clearly, the function field Q(T) 
becomes isomorphic to Q(T) over Q. Are there any others which do ? And, 
is there a way to classify them all ? 

Fix an algebraic closure Q p of Q p . The corresponding local question 
is : find all function fields over Q p which become isomorphic over Q p to 
Q P (T). Such functions fields will be called solutions to our problem. 

The trivial solution to the problem is the rational function field Q P (T). 
It can be shown that there is precisely one other solution; let us call it F p . 
Thus the function field F p is not the rational function field but becomes 
(isomorphic to) the rational function field over Q p . For example, when 
p = oo, the field Foo is Q,oo(x,y) with the relation x 2 + y 2 + 1 = 0. 
Moreover, for every place p, it is an easy matter to decide if a given "local 
solution" is isomorphic Q P (T) or to F p . 

Now, if F is "global solution" to our problem, then it is a "local solution" 
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everywhere. In other words, if F is a function field over Q which becomes 
the rational function field over Q, then F becomes isomorphic to one of 
Q P (T), F p over every completion Q p of Q, including p = oo. 

What can be shown is that every F becomes isomorphic to Q P (T) for 
almost every p, the places where it doesn't — there are thus only finitely 
many of them — are even in number, and, given any finite set E of places, 
even in number, there is a unique global solution which becomes isomorphic 
to F p for all p G E and to Q P (T) for all p ^ E. 

There are many equivalent ways — curves of genus 0, quadratic forms in three 
variables, quaternion algebras — of expressing this principle. 

It follows that if two global solutions F, F' are "everywhere locally 
isomorphic" (become isomorphic to each other at every place p, includ- 
ing p = oo), then they are Q-isomorphic. This happy circumstance is 
expressed by saying that such function fields obey the local-to-global prin- 
ciple. (In fact, in the case at hand, it is sufficient to demand that F, F' be 
isomorphic at all places but one; they are then automatically isomorphic 
at the remaining place.) 

The best accounts of this circle of ideas, in the equivalent language of quadratic 
forms, are to be found in Serre's Course in arithmetic and in Number theory 1, Fermat's 
dream by Kato, Kurokawa and Saito. A theorem of Adrien-Marie Legendre can be 
considered to be a precursor of local-to-global considerations, see Weil's Number theory, 
an approach through history. 

I don't know of any classification of function fields over Q which become the 2- 
variable rational function field over every completion. 

5. The failure of the local-to-global principle 

In the last section we saw that the local-to-global principle holds for 
functions fields over Q which become isomorphic over Q to the rational 
function field. Such function fields are of the form Q(x, y), ax 2 + by 2 = 1, 
for some a, b G Q x , and it is easy to decide when this field is isomorphic 
to the one defined by a'x 2 + b'y 2 = 1 (a', b' G Q x ), because it suffices to 
check that they are isomorphic everywhere locally. 
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In the early 1940s, Carl-Erik Lind and Hans Reichardt found the first 
examples of function fields which violate the local-to-global principle. 
Equivalently, Reichardt showed that 2y 2 = 1 — 17x 4 has solutions in every 
completion of Q but no rational solutions — not even "at infinity" . 

Lind's thesis was reviewed by Andre Weil in the Mathematical Reviews, and it is 
amazing to note that he does not mention this discovery. Nor does the reviewer of 
Reichardt's paper, in spite of the explicit title : Einige im Kleinen uberall losbare, im 
Grossen unldsbare diophantische Gleichungen. It must be said that the first instance 
of the failure of a local-to-global principle, due to Hasse, was discovered by him after 
he had proved its validity for quadratic forms. 

The example most commonly cited these days, originating with Ernst 
Selmer, is that of the function field Q(x, y), 3x 3 + 4y 3 + 5. Cf. Example 27. 

Let a be a squarefree integer > and consider the function field Q(C Q ) 
defined by the equation C a : ay 2 = x 3 — x. It may happen that there 
are many function fields F over Q which become isomorphic to Q(C Q ) at 
every place p of Q. In other words, Q(C Q ) may have "twisted forms" F 
which become isomorphic to it when we extend scalars of F and Q(C a ) 
from Q to Q p . Let us denote the set of isomorphism classes of such F by 
S a . This is the set which appears in Theorem 15. 

Thus the problem of congruent numbers would be solved if we could 
settle the following conjecture, whose generalisation Conjecture 26 is a 
major open question in contemporary arithmetic. 

Conjecture 16 (I. Shafarevich & J. Tate). — For every a, the set S Q of 
function fields which become isomorphic to Q(C a ) at every place is finite. 

The more standard version of this conjecture asserts the finiteness of 
the group HI(E a ), whose definition is more advanced. The reader who 
knows it should be able to prove that S a is finite if and only if LU^Eo.) is 
finite [11]. The same remark applies to Conjecture 26. 

We have seen that the congruent number problem amounts to the 
arithmetic study of the equation ay 2 = x 3 — x, which can be rewritten as 
y 2 = x 3 — a 2 x. The rest of this report is devoted to a rapid survey of the 
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arithmetic of equations of the type y 2 = f(x), where / 6 Q[x] is a monic 
cubic polymonial with distinct roots (in Q). 

6. Elliptic curves : results and conjectures 

In the next two sections, we enumerate some arithmetic properties of 
elliptic curves. For the sake of simplicity, we work over the field Q ; the only 
exceptions being a result over finite fields, one over Q p , and an example 
over Q(i). 

An elliptic curve E over a field k is a curve defined in the projective 
plane by an equation of the type 

(5) f(x,y) = y 2 + aixy + a 3 y-x 3 -a 2 x 2 -a 4 x-a 6 = (aj e k) 

without singularities, a condition which says that the discriminant A 
- a certain polynomial in the aj - - is 7^ 0, or equivalently that the 
corresponding function field is of "genus 1" , unlike the function fields which 
become isomorphic to Q(T), which are of genus 0. 

More precisely, the discriminant of / — the result of elliminating x, y 
from /, f' x , f' y — is 

A = -b 2 b 8 - 2 3 bl - 3 3 b 2 6 + 3 2 b 2 b 4 b 6 

where 

t>2 = ol\ + 2 2 a 2 , b 4 = aias + 2a 4 , b^ = a 2 + 2 2 a% 

and 

b 8 = b 2 a 6 - aia 3 a 4 + a 2 a\ - a 4 . 

The curve E has a "point at infinity" O ; for any extension L of k, there 
is a natural group law on the set E(L) consisting of O and the solutions of 
(5) in L, uniquely determined by the requirement that O be the origin and 
that the sum of the three points (counted with multiplicity) in which E 
intersects a given line be O; the groups E(L) are commutative. Elements 
of E(L) can be identified with triples {x,y,z) 7^ (0,0,0) (x,y,z E L) 
satisfying the homogenised version of (5) ; two such triples being considered 
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the same if each is a multiple of the other by an element of L x . Two 
elliptic curves are isomorphic if the corresponding function fields over k 
are fc-isomorphic. 

Let C be a smooth proper absolutely connected genus- 1 fc-curve and let J be its 
jacobian — a 1-dimensional abelian k- variety. If C has a fc-rational point O, there is a 
unique fc-morphism C — > J sending a point P to the class of the divisor P — O ; it is an 
isomorphism. 

For surveys of arithmetic on elliptic curves, see Cassels [1] and Tate [16]. 

Theorem 17 (L. Mordell, 1922). — For every elliptic curve E over Q, the 
group E(Q) is finitely generated. 

This result was conjectured by Henri Poincare around 1900. Mordell's 
proof is a generalisation of Fermat's method of infinite descent — employed 
in the proof of Theorem 3 — ; its modern renditions consist of two parts. 

The first part shows that the group E(Q)/2E(Q) is finite. The second 
part studies a canonical real- valued "height" function h on E(Q), coming 
from the various absolute values of Q. The method of infinite descent is 
distilled in the statement that a commutative group T, endowed with such 
a function h, for which 17/21? is finite, is necessarily finitely generated. 

Accounts of the proof can be found in the books by Weil and Kato-Kurokawa-Saito 
cited above, as well as in Silverman- Tate, Rational points on elliptic curves. 

By contrast, the corresponding local result says that for an elliptic curve 
E over R, the group E(R) has a subgroup of index at most 2 isomorphic to 
R/Z, and, for an elliptic curve E over Q p (p prime), E(Q P ) has a subgroup 
of finite index isomorphic to Z p . Thus, for an elliptic curve E over Q, 
although the three groups Q, Q x , E(Q) have very different structures, 
they are "almost the same" everywhere locally. However, the indices in 
question are important local invariants of E. 

For a given E over Q, the torsion subgroup of E(Q) is easy to determine 
(E. Lutz) ; for example, the torsion subgroup of C Q (Q) consists of O and 
the three points (-1,0), (0,0), (1,0) of order 2. 
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Theorem 18 (B. Mazur [10]). — Let E be an elliptic curve over Q. The 
torsion subgroup of E(Q) is isomorphic to one of the fifteen groups 

Z/mZ (m = 1, 2, ... , 10, 12), Z/2Z x Z/2uZ {y = 1, 2, 3, 4). 

No uncondtional method is known, however, for determining the rank 
of E(Q) for a given E. The set of possible ranks for variable E is not known 
either, but N. Elkies has recently produced examples where rkE(Q) is at 
least 28. We shall mostly concentrate on the question of deciding if the 
rank is or > 0. 

Let p be a prime number and let E be an elliptic curve over Q p , given 
by an equation (5). We may assume by a change of variables that G Z p ; 
the discriminant A is then in Z p . If the G Z p can be so chosen that 
A G Z^ , we say that E has good reduction at p ; if so, the equation (5), read 
modulo p, defines an elliptic curve E p — uniquely determined by E and p 
- over the finite field F p , and there is a homomorphism E(Q p ) — > E p (F p ) 
which sends a point to the reduction modulo p of any of its representatives 
(x,y,z) with coordinates in Z p and at least one coordinate in Z p . 

There is a criterion for good reduction ("Neron-Ogg-Shafarevich"). Let 
Q p be an algebraic closure of Q p . There is a unique extension of v p to 
a valuation v p : Q p — > Q of which the residue field F p is an algebraic 
closure of F p . The inertia group is the kernel of the natural surjection 
Gal(Qp|Qp) — > Gal(Fp|F p ) ; it acts on the m-torsion m E(Q p ) for every to. 

Theorem 19 (J.-P. Serre & J. Tate [14]). — An elliptic curve E over Q p 
has good reduction if and only if the the action of the inertia group on 
m E(Qp) is trivial for every to prime to p. 

Every elliptic curve E over Q has good reduction at almost all primes. 
One might ask to what extent E is determined by the the number |E p (F p ) | 
of points modulo p for varying p. We say that two elliptic curves are 
isogenous if their function fields can be embedded into each other. 

Theorem 20 (G. Faltings [4]). — If E' is an elliptic curve over Q such 
that |E p (F p )| = |Ep(Fp)| for almost all primes p, then E' is isogneous 
to E. 
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There are only finitely many such E' because isogenous curves are 
known to have good reduction at the same primes (cf. Theorem 19) : 

Theorem 21 (I. Shafarevich, 1962). - - Given a finite set T of primes, 
there are only finitely many elliptic curves over Q having good reduction 
at every prime p ^ T. 

There is a sense in which the more fundamental quantity is not |E P (F P )| 
but a p (E), defined by |E p (F p )| = 1 — a p (E) +p, and there is sense in which 
the following theorem is the analogue, for function fields of elliptic curves 
over finite fields, of the famous Riemann Hypothesis : "the zeros in the 
critical strip < Re(s) < 1 of the zeta function ( of Q have real part |". 

Theorem 22 (H. Hasse, 1933). — Let A be an elliptic curve over a finite 
field k of q elements. Define the integer a by |A(fc)| = 1 — a + q. Then 
\a\ < 2y/q. 

Returing to our E over Q, Birch and Swinnerton-Dyer argued that if 
E(Q) is infinite, the groups E p (F p ) (for p a prime of good reduction for 
E) should have more elements "on the average" than if E(Q) is finite. In 
view of Hasse's theorem, the product Yl p \e (f )\ should diverge to if 
the rank is > 0, and converge to a limit ^ if the rank is 0. This is made 
precise in terms of the L-function of E. 

For a prime p of good reduction for E, we have the number a p (E) ; for 
"cohomological" reasons, consider the infinite product (for s G C) 

L< ^ E ' ^ ^ 1 - a p (E).p- s +p.p- 2s ' 

Theorem 22 implies that this converges for Re(s) > |, but more is true : 

Theorem 23 (A. Wiles, R. Taylor, F. Diamond, B. Conrad, C. Breuil, 
1995-2000). - - The function L(E, s) admits an analytic continuation to 
the whole of C. 

For the congruent number elliptic curves C Q , this is due to Andre Weil. There is a 
way of introducing factors in L(E, s) corresponding to the primes which divide A, and 
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indeed to the place oo. This "completed" L-function A(E, s) has a "functional equation" 
for sh2-s, just as C has a functional equation for s i— > s — 1. 

Note that the product f| p | E ^ ^ is formally equal to L(E, 1), and the 
above heuristic considerations and extensive calculations on one of the 
first electronic computers at Cambridge led to the following conjecture. 

Conjecture 24 (B. Birch & P. Swinnerton-Dyer, 1965). - - The group 
E(Q) is infinite if and only if L(E, 1) = 0. More precisely, its rank equals 
the order of vanishing of L(E, s) at s = 1. 

The order of vanishing of the completed L-function A(E, s) is the same as that of 
L(E, s) at s = 1. There is a refined version of Conjecture 24 which gives the leading 
coefficient of A(E,s) at s = 1 in terms of the local and global arithmetic invariants of 
the curve E ; its formulation is subject to the truth of Conjecture 26. 

Conjecture 13 follows from this, thanks to the following criterion : 

Theorem 25 (J. Tunnell [18]). — For a squarefree integer a = jn (j = 1, 2 
and n odd), one has L(C a , 1) = if and only if Cj(n) = 0. 

The elliptic curve E has the function field Q;(E) at the various places / 
of Q. Just as we did in the case of the congruent number elliptic curves C a , 
we now consider the set Se of (isomorphism classes of) all function fields 
over Q which becomes isomorphic to Q;(E) at every place /; of course, 
Q(E) belongs to S E . 

Conjecture 26 (I. Shafarevich & J. Tate). — For every elliptic curve E 
over Q, the set Se is finite. 

The original conjecture asserts the finiteness, for every E over Q, of the 
group LLI(E) of "torsors" under E which are "everywhere locally trivial". 
This is equivalent to the finiteness of Se- 

Yuri Manin has introduced an "obstruction" to explain the failure of the local-to- 
global principle for the function field Q(E) of an elliptic curve E over Q. He shows that 
the finiteness of Se is equivalent to his obstruction being the only one. 

The equation x s + y 3 + 60 = can be put in the form (5) by a change 
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of variables ; it therefore defines an elliptic curve. 

Example 27 (Mazur [11]). — For E defined by x 3 + y 3 + 60 = 0, the set 
Se consists of Q(E) and the function fields 

3x 3 + V + 5, 12x 3 + y 3 + 5, 15x 3 + Ay 3 + 1, 3x 3 + 20y 3 + 1. 

The best available result in the direction of Conjectures 24 and 26 to 
date, the fruit of a succession of papers by numerous mathematicians, is 
a theorem of Victor Kolyvagin, of which the theorem of Coates & Wiles 
(Theorem 14) is a particular case, and which subsumes some of the results 
of Benedict Gross and Zagier [5] . 

Theorem 28 (V. Kolyvagin [8]). — // L(E, 1) ^ 0, then E(Q) is finite. If 
L(E, s) has a simple zero at s = 1, then E(Q) has rank 1. In both these 
cases, the set Se is finite. 

If the zero at s = 1 has multiplicity > 1, Conjecture 26 is needed (Cf. 
Theorem 15) : 

Theorem 29 (C. Skinner & E. Urban [15]). — Suppose that L(E, 1) = 
and that the set Se is finite. Then the group E(Q) is infinite. 

There is a parallel theory of elliptic curves E over function fields F over finite fields. 
The analogue of Mordell's theorem (Theorem 17) is true : the group E(F) is finitely 
generated. K. Kato & F. Trihan [7] have proved the analogue of (the refined version 
of) the Birch & Swinnerton-Dyer conjecture (Conjecture 24), subject to the truth of 
the analogue of the Shafarevich-Tate conjecture (Conjecture 26). 

The study of "special values" of L-functions, of which the refined 
conjecture of Birch and Swinnerton-Dyer is the prototype, is one of the 
major themes of contemporary arithmetic. 

7. Complex multiplications 

Let E be an elliptic curve over Q. Because E has a group law, there 
are many embeddings of the function field Q(E) = Q(x,y) into itself : for 
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every integer n^O, there is an embedding [ti]e which sends x, y to x n , y n , 
the coordinates of the multiple nP of the point P = (x, y) ; it is of degree 
n 2 . For example, when E is the congruent number elliptic curve C a (4) 
and n = — 1, it is the automorphism x i— > x, y i— > — y of the function field; 
when n = —2, it is the degree-4 embedding given in Exercise 7. 

In a sense, for most elliptic curves, these are the only embeddings of the 
function field into itself. But there are some elliptic curves for which there 
are more embeddings, for example the automorphism x i— > —x, y i— > iy (i 
being a chosen square root of —1) of Q(C Q ) whose square is [— l]c„- I* 1 
such a case we say that the elliptic curve E has "complex multiplications" ; 
it then determines an imaginary quadratic field K, which in the case of 
the C a is Q(i) ; we say that E has complex multiplications by K. 

The arithmetic properties of elliptic curves differ vastly according 
as they have complex multiplications or not. For example, for elliptic 
curves having complex multiplications, the theorem "L(E, 1) ^ =>- 
E(Q) is finite" was proved for by Coates- Wiles (cf. Theorem 14) a good 
eleven years before Kolyvagin's general result (cf. Theorem 28), the 
analytic continuation of L(E, s) was proved by Weil and Max Deuring in 
1953-1957, much before the general result of Wiles and his school in 1995- 
2000 (Theorem 23), and the implication "L(E, 1) = and S E finite =>- 
E(Q) infinite" was proved by Rubin (cf. Theorem 15) some fifteen years 
before the general result of Skinner-Urban (Theorem 29). 

We illustrate the differences by three examples. For the first, recall 
that an elliptic curve A over F p is called super singular if the p-torsion 
pA(Fp) is reduced to {O}, or, equivalently for p ^ 2, 3, if |A(F P )| = 1 + p 
(equivalently, a = 0, in the notation of Theorem 22). Returning to our 
E over Q, we ask : How often is E p supersingular ? Deuring showed if 
E has complex multiplications, then this happens for half the primes p 
(cf. Example 33) ; if not, Jean-Pierre Serre proved that the set of primes 
in question has density 0. That it is infinite is a relatively recent result. 

Theorem 30 (N. Elkies [3]). — For every elliptic curve E over Q, there 
are infinitely many primes p at which E p is supersingular. 



19 



For the second example, recall that for every prime p, if we adjoin the 
p-torsion of the multiplicative group Q x , which consists of p th roots of 1, 
to Q, we get a galoisian extension Q( p /i) whose group of automorphisms 
is Gal(Q( p/ u)|Q) = GLq(F p ). For an elliptic curve E over Q, the p-torsion 
of E(Q) is a 2-dimensional vector F p -space; if we adjoin it to Q, we get a 
galoisian extension Q( P E). What is Gal(Q( p E)|Q) ? 

Theorem 31 (J.-P. Serre [13]). — Suppose that E does not have complex 
multiplications. Then the group of automorphisms of Q( p E) is GL 2 (F p ) 
for almost all — all but finitely many — primes p. 

The corresponding local result for E over Q; says, at least in the case of 
good reduction, that Gal(Qz( p E)|Qz) is cyclic for / ^ p (cf. Theorem 19). 

If E (over Q) has complex multiplications, the group of automorphisms 
is much smaller : if K — an imaginary quadratic field — is the field of 
complex multiplications, then K( P E) is an abelian extension of K. However, 
such E serve a different, if related, purpose. 

Recall that the theorem of Kronecker- Weber asserts that if we adjoin 
the entire torsion subgroup of Q x - all roots of 1 - - to Q, we get the 
maximal abelian extension. Generating the maximal abelian extension of 
other number fields is a major open problem (Kronecker's Jugendtraum, 
Hilbert's Problem 12) ; the theory of complex multiplications provides the 
answer in the case of imaginary quadratic fields, as in the next example. 

Example 32. — Let E be the elliptic curve y 2 = x 3 + x, which has complex 
multiplications by Q(i). If we adjoin the entire torsion subgroup of E(Q) 
to Q(i), we get the maximal abelian extension of Q(i). 

Our third example concerns a "formula" for a p (E) for a fixed E and 
varying p. There is indeed such a formula if E has complex multiplications, 
as illustrated by a theorem of Carl Gauss about the curve x 3 + y 3 + 
1 = (which can be put in the canonical form (5), and has complex 
multiplications by Q(j), j 2 + j ' + 1 = 0). It uses the fact that for a prime 
p = 1 (mod. 3), there is a pair of integers (c p , d p ), unique up to signs, such 
that 4p = c 2 + 27 'd 2 ; to fix the sign of c p , assume that c p = —1 (mod. 3). 
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Example 33 (C. Gauss, 1801). — Let E be the elliptic curve x 3 +y 3 + l = 
and p a prime. If p = 1 (mod. 3), then a p (E) = c p . If p = — 1 (mod. 3), 
then a p (E) = 0. 

See Silverman- Tate for a proof. Note that this implies Theorem 22 for E. 

By contrast, if E does not have complex multiplications, the behaviour 
of the a p (E) is entirely different. Mikio Sato and Tate independently 
arrived at a conjectural distribution law for 7 P (E) = a p (E)/2 v /p, which 
lies between —1 and +1 for every p (cf. Theorem 22). How often does it 



Conjecture 34 (M. Sato & J. Tate, 1960). — Suppose that E does not 
have complex multiplications, and let [(3, 5] C [—1, +1] be an interval. Then 
the proportion of primes p for which 7 P (E) e [P,S] is given by 



This conjecture has been proved, subject to a mild technical hypothesis 
on E, by Laurent Clozel, Michael Harris, Nicholas Shepherd-Barron and 
Richard Taylor in a series of three papers in early 2006. The technical 
hypothesis demands that E have "multiplicative reduction" at some 
prime p, which means roughly that the best possible reduction at p is not 
an elliptic curve E p as in the case of good reduction, but the multiplicative 
group (and not the additive group — the third possibility). An algorithm 
due to Tate allows one to determine the type of reduction at any given p in 
terms of the coefficients (5) defining E. Concretely, although we cannot 
choose ai G Z p with minimal v p (A) so as to have v p (A) = 0, they can 
be so chosen as to have 1^(04) = 0, where C4 = b\ — 2 3 .3.64, and the bi 
are displayed after equation (5). It is only a matter of time before this 
hypothesis is removed. 

Theorem 35 (L. Clozel, M. Harris, N. Shepherd-Barron & R. Taylor [17]). 

- Conjecture 34 is true if E has multiplicative reduction at some prime p. 



lie in [p,8] C [-1,+1]? 
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8. Modular forms 



We have not mentioned them, although they have appeared here 
without being named. If we evoke them here, it is only to say that most of 
the spectacular recent results which we have enumerated would not have 
been possible without their help. Take the analytic continuation of L(E, s) 
(Theorem 23) : the crucial result (Wiles and others) is to show that the 
sequence (a p (E)) p defines a modular form. 

Results of Gross-Zagier and of Kolyvagin (Theorem 28), which predate 
Wiles, were enunciated only for those elliptic curves whose L-functions 
have this modulariy property ; thanks to Wiles and his successors, we now 
know that they all have. 

Mazur's determination of the possible torsion subgroups (Theorem 18) 
involves the study of modular curves, which are intimately related to 
modular forms. 

Tunnell's criterion (Theorem 25) is actually an expression for L(C a , 1) 
in terms of (the "real period" of Ci and) the coefficients Cj(n) of certain 
modular forms of half-integral weight (cf. Notation 10). 

The role of automorphic forms — a generalisation of modular forms 
- is even greater in the results of Skinner-Urban (Theorem 29) and 
in the proof of the Sato- Tate conjecture (Theorem 33). It is unlikely to 
diminish in the future : more and more L-functions are going to become 
automorphic, fulfilling the prophetic vision of Robert Langlands [9] . 

For a first introduction, apart from Serre's Course, see the book by Koblitz and 
Knapp's Elliptic curves. 

— * — * — 
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